https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35407#M25992 <HTML><HEAD></HEAD><BODY><P>I am looking to what I would call port address translation, but am unfamiliar with how to do it on the PA. Basically I need a public IP to route SNMP traffic to one inside address, and syslog traffic to another inside address. This will also only apply to a single host from the outside. Can someone give me high level steps to what I need to configure?</P></BODY></HTML> Wed, 22 Oct 2014 13:00:30 GMT mcocat 2014-10-22T13:00:30Z https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35407#M25992 <HTML><HEAD></HEAD><BODY><P>I am looking to what I would call port address translation, but am unfamiliar with how to do it on the PA. Basically I need a public IP to route SNMP traffic to one inside address, and syslog traffic to another inside address. This will also only apply to a single host from the outside. Can someone give me high level steps to what I need to configure?</P></BODY></HTML> Wed, 22 Oct 2014 13:00:30 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35407#M25992 mcocat 2014-10-22T13:00:30Z https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35408#M25993 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>This doc will come in handy <A href="https://live.paloaltonetworks.com/docs/DOC-1517">Understanding PAN-OS NAT</A></P><P>In short you'd need two nat rules, both from untrust to untrust with the same destination (public) IP but each with it's own destination port and unique destination NAT ip address (see page 21 of the above document)</P><P></P><P>hope this helps</P></BODY></HTML> Wed, 22 Oct 2014 13:08:35 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35408#M25993 reaper 2014-10-22T13:08:35Z https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35409#M25994 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>You can also find some usefull thing on video turorials <A href="https://live.paloaltonetworks.com/videos/1550"> Video Link : 1550</A></P><P></P><P>Regards</P><P>Slawek</P></BODY></HTML> Wed, 22 Oct 2014 13:22:43 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35409#M25994 _slv_ 2014-10-22T13:22:43Z https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35410#M25995 <HTML><HEAD></HEAD><BODY><P>You Can configure following&nbsp; NAT statements for same public IP:</P><P></P><P>Untrust to Untrust from any source address to your public ip_1 on 25 then translate to private ip_1 to 25</P><P></P><P>Untrust to Untrust from any source address to your public ip_1 on 443 then translate to private ip_2 to 4443</P><P></P><P>Untrust to Untrust from any source address to your public ip_1 on 80 then translate to private ip_3 to 8080</P><P></P><P>Hope this helps. Thank you.</P></BODY></HTML> Wed, 22 Oct 2014 13:36:37 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35410#M25995 ssharma 2014-10-22T13:36:37Z https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35411#M25996 <HTML><HEAD></HEAD><BODY><P>Hello Mcocat,</P><P></P><P>You can also create a bidirectional NAT rule which looks like this:</P><P><IMG alt="nat.png" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16504_nat.png" style="height: 117px; width: 620px;" /></P><P>The source address being the private IP of the server and translated Ip being the public facing IP. This basically splits the NAT rule internally into two- one for outbound and another for inbound. You can refer to above document given by tpiens to understand this better.</P><P></P><P>Regards,</P><P>Dileep</P></BODY></HTML> Wed, 22 Oct 2014 13:48:56 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35411#M25996 dreputi 2014-10-22T13:48:56Z https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35412#M25997 <HTML><HEAD></HEAD><BODY><P>Hi Mcocat,</P><P></P><P>Refer following document that should be enough.</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-1517">Understanding PAN-OS NAT</A></P><P><A href="https://live.paloaltonetworks.com/videos/1550"> Video Link : 1550</A></P><P></P><P>NAT Example:</P><P>8.8.8.8 - Host on the Internet for which you need NAT to be applicable</P><P>1.1.1.1 - Is the Public IP on Untrust</P><P>100.1.1.1 - Is the SMTP server on DMZ</P><P>SMTP service has TCP port 25 &gt;&gt; Which you need to create</P><P></P><P><IMG alt="NAT.png" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16507_NAT.png" style="height: 33px; width: 620px;" /></P><P>You can repeat the same for other services.</P><P>Regars,</P><P>Hardik Shah</P></BODY></HTML> Wed, 22 Oct 2014 14:40:25 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35412#M25997 hshah 2014-10-22T14:40:25Z https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35413#M25998 <HTML><HEAD></HEAD><BODY><P>Wow, thank you all for the help with this. I will review the guides and advice and get this completed. I appreciate all of the help!</P></BODY></HTML> Wed, 22 Oct 2014 14:54:48 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-noobie-question/m-p/35413#M25998 mcocat 2014-10-22T14:54:48Z